package com.toolsder.demo.spring.security.jwt.config.auth;

import com.toolsder.demo.spring.security.jwt.service.ResourcesService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

import javax.servlet.http.HttpServletRequest;
import java.util.List;

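/**
 * Authorization helper that decides whether the authenticated user may access the requested URI.
 *
 * <p>The bean is registered as {@code "rabcService"}. The spelling is kept as-is because any
 * reference to the bean by name (not visible in this file) would break if it changed.
 */
@Component("rabcService")
public class MyRBACService {

    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    @Autowired
    private ResourcesService resourcesService;


    /**
     * Determines whether the authenticated user is permitted to access the requested resource.
     *
     * <p>The principal's username is passed to {@link ResourcesService#findByPhoneNumber} to
     * obtain the Ant-style URL patterns granted to that user. Access is allowed when at least one
     * pattern matches {@link HttpServletRequest#getRequestURI()}.
     *
     * <p>This is an access-control decision, so every undetermined case denies access: a missing
     * request or authentication, a principal that is not a {@link UserDetails}, a {@code null}
     * pattern list, and {@code null} entries within the list.
     *
     * <p>NOTE(review): {@code getRequestURI()} returns the raw, undecoded request path including
     * the context path. The stored patterns must therefore be written against that form. Confirm
     * that path normalization is enforced upstream, so the path matched here is the same path
     * the handler mapping resolves.
     *
     * @param request        the current HTTP request
     * @param authentication the current authentication
     * @return {@code true} if a granted pattern matches the request URI, {@code false} otherwise
     */
    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
        // Fail closed: without a request or an authentication there is nothing to authorize.
        if (request == null || authentication == null) {
            return false;
        }

        Object principal = authentication.getPrincipal();
        if (!(principal instanceof UserDetails)) {
            return false;
        }

        String username = ((UserDetails) principal).getUsername();
        List<String> urls = resourcesService.findByPhoneNumber(username);
        // A null result grants nothing; deny rather than fail with a NullPointerException.
        if (urls == null) {
            return false;
        }

        // Read the URI once; it does not change between pattern comparisons.
        String requestUri = request.getRequestURI();
        return urls.stream()
                .anyMatch(url -> url != null && antPathMatcher.match(url, requestUri));
    }


}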
